picoCTF Solutions
picoCTF 2026General SkillsEasy

bytemancy 0 picoCTF 2026 Solution

Published: March 20, 2026

Description

Can you conjure the right bytes? Download app.py and recover the exact input the server expects.

Setup

Download app.py

Download and read app.py to understand what byte sequence the server expects.

Launch the challenge instance and connect via netcat.

bash
cat app.py

Solution

Walk me through it
  1. Step 1Read the source code
    Download app.py. It prints a banner telling you exactly what to send: ASCII DECIMAL 101, three times, side-by-side, no space. ASCII 101 is the letter 'e'.
    bash
    cat app.py
    Learn more

    The ASCII (American Standard Code for Information Interchange) table maps integers 0-127 to characters. Decimal 101 is the lowercase letter 'e'. The full printable ASCII range spans 32 (space) through 126 (~). Knowing ASCII values by heart speeds up CTF challenges significantly - the most useful anchors are: 48='0', 65='A', 97='a'.

    The challenge description's phrasing "ASCII DECIMAL 101, three times" is intentionally explicit about the encoding layer: the number 101 is in decimal notation, it refers to the ASCII standard, and the character it represents is 'e' (0x65 in hex, 01100101 in binary). A beginner mistake is sending the string "101101101" (the digits) instead of "eee" (the characters).

    Netcat (nc) is a raw TCP/UDP socket tool. Piping output into nc HOST PORT sends it over the network as-is. The pipe sends the stdout of the left command to the stdin of nc, which forwards it to the server. This is the simplest way to interact with a challenge server for text-based challenges.

  2. Step 2Send the payload
    The server checks input equals b'\x65\x65\x65' (i.e. eee). HOST and the <PORT_FROM_INSTANCE> come from the instance launch page. echo appends \n; if the server bytes-compares strictly (no strip()), use echo -n or printf 'eee'. See netcat for CTF.
    bash
    echo 'eee' | nc <HOST> <PORT_FROM_INSTANCE>
    bash
    # If the server rejects the trailing newline:
    bash
    printf 'eee' | nc <HOST> <PORT_FROM_INSTANCE>
    python
    python3 -c "print('eee')" | nc <HOST> <PORT_FROM_INSTANCE>
    bash
    # Quick sanity check that 101 maps to 'e':
    python
    python3 -c 'print(chr(101))'
    Learn more

    The hex representation \x65\x65\x65 and the character string 'eee' are identical at the byte level. Decompose: 101 = 0x65 = 0b01100101 = 'e'. In Python, b'\x65' == b'e' evaluates to True. Hex escape sequences in byte strings are just an alternative notation for the same bytes, useful when the byte value does not correspond to a printable character.

    echo adds a trailing newline (\n, byte 10) to its output by default. Most challenge servers read input line-by-line and strip the newline before comparing, so this is usually fine. If a server requires no trailing newline, use echo -n or Python's sys.stdout.buffer.write(b'eee') without the newline.

    These bytemancy challenges form a series that progressively increases difficulty: from simple text to large repetitions to raw non-printable bytes to address-lookup challenges. They teach the distinction between character encodings, byte values, and how terminals and shells handle binary data - skills that are foundational for binary exploitation and network protocol work.

Flag

picoCTF{byt3m4ncy_0_...}

app.py asks for ASCII decimal 101 × 3, no spaces. ASCII 101 = 'e', so send the three-character string 'eee'.

Want more picoCTF 2026 writeups?

Browse picoCTF 2026Full library

Useful tools for General Skills

Related reading

What to try next